claude-code-rust
Fail
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to clone a repository and download pre-compiled binaries from github.com/lorryjovens-hub. This source is not a recognized or trusted organization, posing a significant supply chain risk.
- [REMOTE_CODE_EXECUTION]: The installation process involves executing shell scripts (scripts/install-linux.sh) and PowerShell scripts (scripts/install-windows.ps1) from an unverified repository. Additionally, the CI/CD example encourages downloading a binary via curl and executing it directly after a chmod +x operation.
- [COMMAND_EXECUTION]: The documentation suggests using sudo cp to move the generated binary into protected system directories (/usr/local/bin/), which introduces privilege escalation risks during the installation of unverified software.
- [DATA_EXFILTRATION]: The provided code examples for the SSH client module demonstrate accessing the user's private SSH key at ~/.ssh/id_rsa. While these are shown as snippets, encouraging an agent to handle or process private keys is a high-risk pattern for sensitive data exposure.
Recommendations
- AI detected serious security threats
Audit Metadata